


[FIG. 2: message exchange between USER i and SERVER 30. Message labels: RSA(i, CREDIT CARD i, K_i); i, DATA-DESCRIPTORS (OPTIONALLY ENCRYPTED); CONFIRMATION (OPTIONAL); E_Ki(K_news), E_Knews(DATA)]

Printed by Jouve, 75001 PARIS (FR)



EP 0 695 997 A3

European Patent Office

EUROPEAN SEARCH REPORT

Application Number: EP 95 30 5031

DOCUMENTS CONSIDERED TO BE RELEVANT

Citation of document with indication, where appropriate, of relevant passages:

HAAS Z J ET AL: "Secure access to electronic newspaper", WIRELESS NETWORKS - CATCHING THE MOBILE FUTURE - 5TH IEEE INTERNATIONAL SYMPOSIUM ON PERSONAL, INDOOR AND MOBILE RADIO COMMUNICATIONS (PIMRC'94), AND ICCC REGIONAL MEETING ON WIRELESS COMPUTER NETWORKS (WCN), PROCEEDINGS OF WIRELESS NETWORKS CATCHING, pages 805-809 vol. 3, XP002100913, 1994, Amsterdam, Netherlands, IOS Press, Netherlands
* page 805, column 2 - page 807, column 1 *

WO 91 12693 A (ENFRANCHISE SIXTY LTD) 22 August 1991
* abstract; claims 1,2 *

BALENSON D M: "Automated distribution of cryptographic keys using the Financial Institution Key Management Standard", IEEE COMMUNICATIONS MAGAZINE, SEPT. 1985, USA, vol. 23, no. 9, pages 41-46, XP002100914, ISSN 0163-6804
* page 42, column 2 - page 45 *

Relevant to claim: 1-10; 1-10

Classification of the application (Int.Cl.6): G06F12/14

Technical fields searched (Int.Cl.6): G06F, H04L

The present search report has been drawn up for all claims.

Place of search: THE HAGUE
Date of completion of the search: 22 April 1999
Examiner: Zucka, G

CATEGORY OF CITED DOCUMENTS

X : particularly relevant if taken alone
Y : particularly relevant if combined with another document of the same category
A : technological background
O : non-written disclosure
P : intermediate document
T : theory or principle underlying the invention
E : earlier patent document, but published on, or after the filing date
D : document cited in the application
L : document cited for other reasons
& : member of the same patent family, corresponding document



ANNEX TO THE EUROPEAN SEARCH REPORT ON EUROPEAN PATENT APPLICATION NO. EP 95 30 5031

This annex lists the patent family members relating to the patent documents cited in the above-mentioned European search report. The members are as contained in the European Patent Office EDP file on 22-04-1999. The European Patent Office is in no way liable for these particulars which are merely given for the purpose of information.

Patent document cited    Publication    Patent family       Publication
in search report         date           member(s)           date
----------------------   ------------   -----------------   ------------
WO 9112693               22-08-1991     AU 7236291 A        03-09-1991
                                        EP 0515448 A        02-12-1992
                                        GB 2241096 A,B      21-08-1991

For more details about this annex: see Official Journal of the European Patent Office, No. 12/82



(19) Europäisches Patentamt / European Patent Office / Office européen des brevets

(11) EP 0 695 997 A2

(12) EUROPEAN PATENT APPLICATION

(43) Date of publication: 07.02.1996 Bulletin 1996/06

(51) Int. Cl.6: G06F 12/14

(21) Application number: 95305031.7

(22) Date of filing: 19.07.1995

(84) Designated Contracting States: DE FR GB

(30) Priority: 01.08.1994 US 284025

(71) Applicant: AT&T Corp., New York, NY 10013-2412 (US)

(72) Inventors:
• Haas, Zygmunt, Holmdel, New Jersey 07733 (US)
• Paul, Sanjoy, Atlantic Highlands, New Jersey 07716 (US)

(74) Representative: Watts, Christopher Malcolm Kelway, Dr. et al, Woodford Green, Essex IG8 0TU (GB)

(54) Methods for providing secure access to shared information



(57) The inventive methods employ symmetric encryption with first and second keys to provide secure access to information accessible to be shared among a dynamically changing set of authorized users on a network having a server. A single copy of the information, encrypted with the first key of the server, is stored in a location accessible to all network users. The second key is a private key of an authorized user and is used by the server to encrypt the first key. The encrypted first key is then stored by the server at a storage location accessible by the authorized user. The user accesses the storage location, obtains the encrypted first key, and uses his private second key to decrypt and thereby recover the first key. The user then decrypts the stored information using the recovered first key.
Description

FIELD OF THE INVENTION

The present invention relates to a method for providing secure access to shared information in a network computing environment. More particularly, the present invention relates to a method for providing efficient and secure access in a network to information consisting of electronically stored documents.

BACKGROUND OF THE INVENTION

There is at present a need for methods and apparatus for providing secure access to shared information in a computer network environment. More specifically, there is a need for a large-scale system (i.e. one having a large number of users) in which a dynamically-varying subset of users is permitted access to a relatively large amount or grouping of associated information for a limited time duration, the time duration being user-dependent. For example, for an electronic newspaper -- i.e. an electronically-stored copy or version of a conventional printed newspaper or the like -- a set of users (the subscribers) is permitted access to the electronic newspaper for a predetermined length of time in return for a user-paid subscription fee. As used herein, the term electronic newspaper is intended to broadly denote any grouping or set of associated, electronically-stored information to which access is to be provided to a relatively large and dynamically changing plurality of users.

Typically, there are no significant restrictions on either the storage system or the transmission medium for such shared information. Thus, it would be desirable to provide a universal mechanism to prevent unauthorized access to the shared information.

SUMMARY OF THE INVENTION

An advantageous method in accordance with the present invention for securely sharing information in networks is provided through an association between the communicating parties formed using at least two cryptographic keys. A server contains the information to be accessed, encrypted by a first key, and the user requesting the information holds a second key. A "locker", associated with or accessible by -- optionally only by -- the user, holds the first key in a form that has been encrypted (i.e. "locked") with the second key of the user, so that only that user can decrypt the first key and thereby enable decryption of the information to be accessed. Typically, the locker is a buffer or memory storage location at the server although it may advantageously be located anywhere on the network, as for example at the user's workstation. The information securement method of the present invention may thus be termed the Locker Key method and the first key may be denoted the Locker Key since it is stored in encrypted form in the user's locker. When an authorized user requests access to the stored information, the encrypted first key is placed in the user's locker. The user accesses his locker, employs his second key to decrypt the first key and then uses the decrypted first key to decrypt the information. The inventive method accordingly uses two symmetric cryptographic systems: (1) the first key that both encrypts and decrypts the information to be accessed, and (2) the second key that both encrypts and decrypts the first key.

The inventive method provides a number of significant advantages. The information to be accessed is encrypted only once and only a single copy is stored by or at the server for access by a dynamically-varying plurality of users. Moreover, the encryption of the information is performed off-line rather than at the time that any particular user requests access to that information. In addition, there is no need to redistribute the first key when it changes. The method of the invention is particularly advantageous and suitable for use in providing secure access to electronic newspapers and multimedia documents and the like.

The present invention may also provide users with an interface routine that integrally incorporates and restricts user access to the first key. The routine is run or executed on the user's local terminal or computer or machine which automatically communicates with the server, retrieves the encoded first key from the user's locker, decrypts the first key, uses the decrypted first key to decrypt the information from the server, and then displays the information to the user. When the user's permission to access the information expires, no new key is placed in the user's locker and the interface routine will be unable to successfully decrypt the information.

The various features of novelty which characterize the invention are pointed out with particularity in the claims annexed to and forming a part of this disclosure. For a better understanding of the invention, its operating advantages and specific objects attained by its use, reference should be made to the accompanying drawings and descriptive matter in which there are illustrated and described several currently preferred embodiments of the invention.
BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings, wherein similar reference characters denote similar elements throughout the several views:

Fig. 1 is a pictorial block diagram of an embodiment of the present invention;

Fig. 2 is a pictorial diagram of a first embodiment of the present invention for controlled access to an electronic newspaper;

Fig. 3 is a pictorial diagram of a second embodiment of the present invention employing an interface routine operable for providing controlled access to the electronic newspaper;

Fig. 4 is a pictorial drawing of a third embodiment of the present invention;

Fig. 5 is a pictorial drawing of a fourth embodiment of the present invention;

Fig. 6 is a computer source code listing of a first embodiment of a portion of an interface routine in accordance with the present invention; and

Fig. 7 is a computer source code listing of a second embodiment of a portion of an interface routine in accordance with the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The present invention provides a novel solution to the problem of providing secure access to shared information in a network computing environment. In general, security in communications systems involves the attributes of source/destination authentication, information privacy, information integrity, prevention of unintended service denial, and copyright enforcement. The present invention addresses primarily two of those attributes, namely authentication and copyright enforcement.

The invention operatively provides secure access to shared information, such as an electronic newspaper, by a method useful in an architecture in which a network, including a group of users, may wish or seek to acquire access to a shared piece or set of information located in the same place (e.g. at the server). This is accomplished through the use of two secret encryption keys -- a first secret key K_news and a second secret key K_i. The first secret key K_news is also referred to herein as the "locker key" K_news, which refers to the fact that during at least one step of the inventive method the key K_news is stored in a "locker" or buffer or storage location associated with a particular user that is legitimately permitted to access the stored information (i.e. the electronic newspaper). The second secret key K_i is the private key of the user i. Throughout this specification, the designation user i should be understood as denoting either a particular human operator or an application program executing at a subscriber work station or network node or connection. The notation E_k(X), as used herein, identifies information X, such for example as an electronic newspaper 32 (Fig. 1), that has been encrypted using the encryption key k.

The inventive method is pictorially depicted in Fig. 1 to which reference should be made in considering the following description.

The inventive method protects the stored information, e.g. the electronic newspaper 32, from users outside of the authorized group by encrypting it with the first key K_news (i.e. the server's private key, generated by and known only to the server). Then the key K_news is made available only to users within the authorized group. Each user i is assigned or provided with access to a "locker". It is generally contemplated that the locker is a storage location or buffer 10 at a server 30, but it may alternatively be located anywhere in the network 40. The locker key K_news is placed in the user's buffer 10 in a form encrypted with that user's private key K_i, i.e. E_Ki(K_news). A single copy of the electronic newspaper 32 is stored at or by the server 30, encrypted with the key K_news. A user i that wishes to access or view (i.e. purchase) that stored copy of the electronic newspaper 32 transmits his private key K_i, which is known to and/or generated by the user i, to the server 30. In return, the key E_Ki(K_news), i.e. K_news encrypted by the key K_i, is placed in the buffer 10 of the user i. When user i thereafter wishes to view or access the encrypted newspaper, or a portion thereof, user i retrieves the encrypted form of the key K_news from the buffer 10, uses his private key K_i to decrypt the key K_news, and then uses the decrypted key K_news to decrypt the encrypted newspaper or desired portion thereof.

The first key K_news and the second key K_i may, for example, be defined as a series of characters, such as numbers or letters or combinations thereof. Network-generated numbers may be in binary form or may, after being generated, be converted to binary form.

The exchange of information for accessing an electronic newspaper in accordance with one form of the inventive method is more particularly illustrated in Fig. 2. In the initial set-up phase, the user i transmits his ID as an identification parameter -- e.g. a network identification name or number -- his credit card number (for billing purposes), and his/her private key K_i to the server 30. This information is preferably encrypted with a public key K_serv of the server 30 to prevent unintended third party access. The server 30 may, optionally, then confirm the request or subscription.

The server's public key K_serv is assumed to be freely available to subscribers from a key registry, which is the equivalent of a "yellow pages" for public key cryptography. The public key K_serv allows secure transmission of start-up or query data to various servers, such as for storing and providing access to newspapers, weather, stock quotes, etc. Asymmetric cryptology by public key encryption is used only for public key K_serv at this initial set-up stage for secure transmission of the secret information of user i to the server (e.g., the key K_i) and to mask the identity of the user. In contrast, the inventive method employs symmetric cryptography for subsequent encryption/decryption of data with keys K_i and K_news. Thus, after the set-up stage user i may request access to the newspaper data by sending to the server 30 his ID (i) with a description (data-descriptor) of the requested data. These fields may optionally be encrypted with the private key K_i to provide user privacy, i.e. where user i does not want others to know what data he is accessing. The server 30 responds by sending the key K_news, encrypted with the user's private key K_i. Then, typically, the requested newspaper data, encrypted with K_news, is sent to user i.

The entire newspaper represents a rather large amount of data, and it is anticipated that user requests will generally be article-based -- i.e. a user may first request an index of articles, with each future access seeking only one or more individual articles. Thus, each article in the newspaper may be individually encrypted, allowing more rapid access to each individual article. However, the invention is also intended to accommodate variations in which the entire newspaper is encrypted as a single document.

The present invention provides a number of important advantages. For one, only a single encrypted copy of the electronic newspaper is stored on or by the server. Moreover, encryption of the newspaper is performed only once for a given key K_news. In addition, the encryption can be done "off-line", i.e. not in "real time", thus avoiding server congestion at times of peak demand.

The inventive method, as hereinabove described, provides a reasonably high measure of security. However, it is potentially susceptible to fraud by subscribers that may improperly distribute the keys K_i and K_news, or the decrypted newspaper itself, to non-subscribers or others who do not pay or otherwise properly request and obtain access to the information. Protection against distribution of the decrypted locker key K_news is provided by frequent changing of the locker key. Thus, the server 30 may periodically re-encrypt the newspaper using a new locker key K'_news and place this new key, encrypted by each respective user's private key K_i, in all eligible lockers. When a user's access permission expires, that user's locker is not reloaded with the encrypted new locker key. Advantageously, in accordance with the invention, when the locker key changes, the server need not multicast or widely distribute the new locker key; only the lockers of then eligible or authorized users need to be modified. Authorized users may thus access their lockers with their respective private keys K_i to retrieve and decrypt the encrypted new locker key.

A second embodiment of the inventive method seeks to avoid such fraudulent behavior by restricting users' direct access to the server 30, and to the decrypted key K_news, through the use of an interface routine. The interface routine is a relatively short software program that is sent as object code to the user i, as shown in Fig. 3, in response to user payment of the information access fee. The user i's work station uses the interface routine to access the server 30 in such a way that the value of the key K_news is hidden from user i. This prevents user i from improperly distributing the key K_news or from manually decrypting and distributing the newspaper. The interface routine acts as an extension of the server 30 that is remotely executed on the user i's hardware. Thus, all communication between the user i and server 30 is performed through and by the interface routine. At each intended access of the stored information, the user i invokes the routine, which automatically, and without user intervention, retrieves the encrypted key E_Ki(K_news) together with the encrypted newspaper portion of interest E_Knews(news) from the server 30. The interface routine then uses the user i's private key K_i to decrypt the locker key K_news, and uses the decrypted locker key K_news to decrypt the newspaper or data portion. The decrypted text is then sent to the user i's application program or displayed on his/her screen, as for example in a window of a graphical user interface.

Of course, the user i may still fraudulently redirect the displayed output to a file and distribute the file itself to others. However, the relatively large size of the newspaper makes it difficult and time consuming for users to download the entire newspaper. Thus, a user's ability to fraudulently distribute such data is limited.

Since each user i knows his/her locker key K_i, user i could still intercept the communication between the routine and the network to retrieve E_Ki(K_news), obtain and publicly distribute the public key K_news (i.e. manually bypass the interface routine). This problem can be avoided by creating the user key K_i from two components: one component K_i^u supplied by the user, and one component K_i^s supplied by the server. The key K_i is then computed by the server and by the interface routine, for example as K_i = K_i^u ⊕ K_i^s, where ⊕ denotes a bitwise exclusive-or (XOR) operation; this is depicted in Fig. 4. Thus, only the combination of the server 30 and the interface routine know K_i; the server-supplied K_i^s is hidden in the routine, and the composite key K_i is not therefore known to the user i. Accordingly, even if a user i intercepts the communication between the server 30 and the routine, he cannot retrieve the key K_news because he does not know K_i. Moreover, no user other than the intended user i can provide K_i^u to the routine to compute the composite key K_i that is required to access the encrypted newspaper data.
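
The locker mechanism of Fig. 1, the periodic change of the locker key with expiry by non-reload, and the two-component user key of Fig. 4 can be traced end to end in one short program. This is an added example, not code from the patent: the Server class, the function names, the sample users and the article are constructed, and the cipher is a standard-library stand-in (HMAC-SHA256 keystream plus tag) assumed here so that the sketch runs without third-party packages.

```python
"""Locker Key method traced with stdlib primitives (added example)."""
import hashlib
import hmac
import secrets

# Stand-in cipher (assumption): HMAC-SHA256 counter keystream plus an HMAC tag.
# A real deployment would use a vetted AEAD such as AES-GCM instead.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(
        hmac.new(key, b"enc" + nonce + c.to_bytes(8, "big"), hashlib.sha256).digest()
        for c in range(blocks))[:n]

def seal(key: bytes, data: bytes) -> bytes:
    """E_key(data), laid out as nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal(); raises ValueError on a wrong key or altered blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def composite_key(k_user: bytes, k_server: bytes) -> bytes:
    """User key built from a user-supplied and a server-supplied part by XOR."""
    if len(k_user) != len(k_server):
        raise ValueError("key components must have equal length")
    return bytes(a ^ b for a, b in zip(k_user, k_server))

class Server:
    def __init__(self):
        self.user_keys = {}     # i -> K_i, learned during set-up
        self.authorized = set()
        self.lockers = {}       # i -> E_Ki(K_news)
        self.plain = {}         # title -> cleartext, never served
        self.store = {}         # title -> E_Knews(article), one shared copy
        self.k_news = None

    def subscribe(self, user: str, k_i: bytes) -> None:
        self.user_keys[user] = k_i
        self.authorized.add(user)
        if self.k_news is not None:
            self.lockers[user] = seal(k_i, self.k_news)

    def revoke(self, user: str) -> None:
        # The locker is not wiped; it is simply not reloaded at the next rotation.
        self.authorized.discard(user)

    def publish(self, articles: dict) -> None:
        self.plain = dict(articles)
        self.rotate()

    def rotate(self) -> None:
        """New K_news: re-encrypt the single copy once, reload eligible lockers."""
        self.k_news = secrets.token_bytes(32)
        self.store = {t: seal(self.k_news, body) for t, body in self.plain.items()}
        for user in self.authorized:
            self.lockers[user] = seal(self.user_keys[user], self.k_news)

def read_article(server: Server, user: str, k_i: bytes, title: str) -> bytes:
    k_news = unseal(k_i, server.lockers[user])    # open the locker
    return unseal(k_news, server.store[title])    # decrypt the shared copy

def can_read(server: Server, user: str, k_i: bytes, title: str) -> bool:
    try:
        read_article(server, user, k_i, title)
        return True
    except (KeyError, ValueError):
        return False

def demo() -> dict:
    srv = Server()
    k_alice, k_bob = secrets.token_bytes(32), secrets.token_bytes(32)
    carol_u, carol_s = secrets.token_bytes(32), secrets.token_bytes(32)
    srv.subscribe("alice", k_alice)
    srv.subscribe("bob", k_bob)
    srv.subscribe("carol", composite_key(carol_u, carol_s))
    srv.publish({"front-page": b"constructed sample article text"})
    out = {"bob_before": can_read(srv, "bob", k_bob, "front-page")}
    copies_before = len(srv.store)
    srv.revoke("bob")           # bob's subscription expires
    srv.rotate()                # server changes the locker key
    out["alice_after"] = read_article(srv, "alice", k_alice, "front-page")
    out["bob_after"] = can_read(srv, "bob", k_bob, "front-page")
    full = composite_key(carol_u, carol_s)
    out["carol_routine"] = can_read(srv, "carol", full, "front-page")
    out["carol_user_part_only"] = can_read(srv, "carol", carol_u, "front-page")
    out["single_copy"] = copies_before == len(srv.store) == 1
    return out

if __name__ == "__main__":
    print(demo())
```

After the rotation bob's stale locker still opens under his own key, but it yields the old locker key, so the shared copy fails authentication; carol's user-supplied component alone cannot open her locker at all.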

It will be recognized that a dishonest user i may yet transmit a copy of the interface routine to an unauthorized user j, who could then use the routine to access the newspaper so long as user i additionally supplies user j with his (secret) key component K_i^u. This permits user j to invoke the interface routine and to supply user i's key component K_i^u to the routine to attain access to and view the electronic newspaper. A variety of deterrents to such practice may optionally be employed.

A first deterrent is to have the interface routine, when invoked using the correct user key component K_i^u, configured to allow access to the user i's credit card number, as for example by flashing or displaying the credit card number of user i on the screen. Such an improvement may make user i somewhat more reluctant to provide others with the interface program and his key component K_i^u.

A second deterrent is to have the user transmit during the set-up stage -- as for example with the initial message from the user -- (1) his credit card number and (2) a list of Internet Packet (IP) addresses of a limited number of machines or stations or locations from which user i anticipates seeking access to the electronic newspaper. The interface routine may then be configured so that each time it is invoked, it transmits to the server the IP address of the node or terminal from which it has been invoked and the routine's ID, which is itself associated with the particular user i. The server 30 can then confirm whether the routine was invoked from one of the previously-specified IP addresses and, if not, the server may (1) separately and additionally charge the user i for each such access from a machine or location not in the original list, (2) deny access to the machine or location not in the original list, or (3) direct all responses to the location of one of the previously specified IP addresses. Of course, the user i may selectively request a change of his registered IP address by sending such request to the server in suitably encrypted form, thus preventing user j from altering user i's registration information without user i's knowledge.

A third deterrent is to have the server 30 allow only one copy of each user's interface routine to be active at any given time. This variation is shown in Fig. 5 and requires that the routine send its IP address to the server 30 when it is invoked. If the server 30 finds that the same routine is already active, it will prevent the newly-invoked routine from proceeding to retrieve either the locker key or the encrypted version of the electronic newspaper. Thus, if a user i distributes copies of his interface routine to one or more unauthorized users j, only one of them will be able to use the routine at any given time, all others being denied concurrent service.

The herein-disclosed methods of the present invention that utilize an interface routine are, as will be appreciated, most effective if the interface routine is constructed so as to be highly tamper-resistant. For example, the routine should integrally hide the values of the required keys and key components. Preferably, the code is made sufficiently difficult so that "manual" processing is required to reverse engineer (i.e. disassemble) the code. Additionally, the routine may be written such that a forged or unauthorized version of such a routine would be readily detectable by server 30.

Preferably, to prevent unauthorized access the routine will be frequently changed, i.e. customized and redistributed, for example, with every new electronic newspaper edition. The routine is customized to have a structure that prevents improper automatic retrieval of data from the routine code and that renders manual retrieval of data much more expensive in time and resources than the price of access to the data itself. Customization of the routine may, by way of example, involve changing the location of the keys within the routine's code or within run-time memory, changing the data flow of the routine's execution, or adding extra commands. In addition, the routine may interleave data and executable code to prevent automatic disassembling of the code. Preferably, the hidden keys may be translated into meaningful machine language instructions and the key location randomly moved within the machine code of the routine. Furthermore, references in the program to the location of a key can be indirect so as to require an intruder to closely follow the code execution flow to determine the key location.

Figs. 6 and 7 show, by way of nonlimiting example, portions of two differently-customized routines that perform the same task. Two keys are hidden in different program locations that are only indirectly accessed. In these routines, the indirect access is based on the content of another memory location (FIRST and SECOND), but can also be implemented using the contents of a register. This arrangement makes it difficult to design a program operable for determining the location of the key. The key in both routines is, moreover, translated into a sequence of legitimate machine instructions. These routines can accordingly hide the same key in different locations or two different keys in different locations.

An example illustrating the operating efficiencies attainable in accordance with the present invention will now be described.

The following calculations compare the access times experienced by users accessing an electronic newspaper, first 
in a system S, based on batch encryption in accordance with the inventive method, and then in a second system S 2 in 
which the encryption is performed in real time in response to user requests as in the prior art. The calculations assume 
55 a single encryption server and that the arrivals of requests at the electronic newspaper server are Poisson-distributed 
with parameter X. The access time in each of the systems S,, S 2 consists of a number of components. 

System S, performs the steps of: retrieving the encrypted locker key, hereinafter 
-f\LC): retrieving the pre-computed ciphertext of the requested article, hereinafter -r{CT): and transmitting the two items 
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back to the user, hereinafter t(LC + CT). 

System S 2 performs the steps of: retrieving the requested data, hereinafter -W, encrypting the articles hereinaflPr 
-e{A): and transmitting the ciphertext. hereinafter f(C7). articles, hereinafter 

Assuming zero load, the access times x, for the system S, and x^for the system S ? are: 

x, = r(LC) + rfC77 + ff/-C + CT) x 2 = r(A) + e(A) + ffCT} (Eq . , , 

In general, the server-generated key LC is of fixed length, whereas the lengths of the cipher text CT and nf tho ,i M „ w 
article A are random variables (r.v.). Thus, x, and x.are also r.v. with ^^JS^^^^ 
ransmitta, process ,(.) can be modeled as a queue. Consequent*, each of the systems S, and S^p^TseViTS 
three queues in tandem. This example assumes the following relationships: 2 V 

1. One queue is considerably more congested than others, creating a bottleneck. 

2. The time to perform the retrieva., transmission, and encryption operations is .inear with the amount of data. 
4. The size of the ciphertext is proportional to and longer than the cleartext size. 

pieleo! da 8 ,l° " ^ " *"* * C ° nSiderabl V ton 9 er ,han « h * time to retrieve and/or to transmit the same 



The calculations further assume that the bandwidth of the retrieval operation is considerably larger than the network 

vstemf'T T , ,aS ' aSSUm P tio "' While — ■*» in conventional networks, may no, be va ^ l n I 

systems -- as for example in gigabit networks. ' ° some 

^^f" tHe , ° r ? 90ing assum P' io "3, the calculations approximate the systems S, and S 2 as single AtfG/1 queue 
systems with access times given, respectively, by. queue 

30 x, = f(XC +CT)= t(CT) and x 2 = e(AeEq. 2) 

The term AtfG/1, as used herein, defines a specific type of queue system; such a queue system is for examole 
described in L. Klemrock. Queuing Systems: Vol. 1 : Theory (John Wiley & Sons 1 975) P ' 

By assuming the above-mentioned relationships (2), (4) and (5), we may assert that 

35 ~x 2 - k- T 2 (k> 1). 

1 Q7^ Si ?h ™ la : :zek - Khinchin '°™ ola (L- Kleinrock, -Queueing Systems: Vol. i : Theory", p. 1 91 (John Wiley & Sons 
1975)). the waiting times in the queues S, and respectively, are : ( W " ey & Sons 



« w * X i 2(1+C *, 2 ) , x 2 2 (1 + C x 2 ) 

S ' = 2 (TpT) - ^ = (Eq . 3) 

v^ot I^om T*r, ' S " COeffiCient " — °' - P— « <' = 1 ■ *> -e coefficient of 



variation of a random process x is defined as 
Thus, 

„ ^_ *(1*C J>> 2 )«r-p < ) 



*V 0 + O(i-P a > < E c 4 > 



« .h D l ° as f ump, ; on < 4 > above - the distribution of the ciphertext length has different parameters but the same shaoe 
and to encrvo Zc, fT* ^ Furth< ~ * * (2), the'mes to tra^UhTdphertTxt 

- S*-S5£^£ Consequent, the 
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W s ^ (1 - p 2 ) K q °> 

Thus, the mean waiting time for the batch system of the present invention is reduced by a factor on the order of k 2 as 
compared to the mean waiting time for the prior art real-time system. 

The mean system time (T s ) is defined as the sum of mean waiting time (W x ) and the mean service time (x), i.e. 

r s, = w s y + ^ and T s 2 = w s 2 + V 2= w s 2 + k *\ < E q s 6) 

Therefore, 

^ J% *t*- Pl ) 

T s - W s ^ ~ W Sf (1-p 2 ) (tq /) 



The access times of the systems $S_1$ and $S_2$ are compared by assuming, in Equation 7, that the average article or electronic document is on the order of 5000 bytes, that the (software-based) encryption speed is on the order of 100 Kbps, that the size of the ciphertext approximately equals the corresponding cleartext, that the transmission links are T1 lines (~1.5 Mbps), and that the memory access throughput is 10 Mbps (i.e. r(CT) ≪ t(CT)). This comparison indicates that the first system $S_1$, which employs the inventive method, has an access time of about 1/435th, or about 0.02%, of the access time of the second or prior art system.

Thus, there is realized a substantial improvement in access time by encrypting the electronic newspaper once, off-line, for all users as compared to individually encrypting the newspaper for each user in real-time upon arrival of that user's request.
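The comparison above, worked through as an added example that is not part of the patent text: it evaluates the Pollaczek-Khinchin waiting times of both schemes from the stated document size and link speeds. The request rate of one per second and the coefficient of variation are assumptions; with that rate the waiting-time ratio comes out near the 435 quoted above.

```python
# Added example: Pollaczek-Khinchin waiting times for the two delivery schemes.
# Assumptions (not from the text): request rate lam and squared coefficient of
# variation c2; memory access time is neglected because r(CT) << t(CT).

def service_times(doc_bytes=5000, enc_bps=100e3, link_bps=1.5e6):
    """Return (x1, x2): mean service time with offline and per-request encryption."""
    bits = doc_bytes * 8
    transmit = bits / link_bps          # t(CT): send the ciphertext over a T1 line
    encrypt = bits / enc_bps            # software encryption of one document
    return transmit, encrypt + transmit

def pk_wait(lam, x, c2):
    """Mean M/G/1 waiting time for arrival rate lam and mean service time x."""
    rho = lam * x
    if rho >= 1.0:
        raise ValueError("utilisation %.2f >= 1: the queue never drains" % rho)
    return lam * x * x * (1.0 + c2) / (2.0 * (1.0 - rho))

def wait_ratio(lam, c2=1.0):
    """W_S2 / W_S1: how much longer a request waits when encryption is per request."""
    x1, x2 = service_times()
    return pk_wait(lam, x2, c2) / pk_wait(lam, x1, c2)

def max_rate(x):
    """Largest request rate (per second) a server with mean service time x sustains."""
    return 1.0 / x

if __name__ == "__main__":
    x1, x2 = service_times()
    print("k = x2/x1 = %.1f" % (x2 / x1))
    for lam in (0.5, 1.0, 2.0):
        print("lam=%.1f/s  ratio=%.0f" % (lam, wait_ratio(lam)))
    print("saturation: S1 %.1f/s, S2 %.2f/s" % (max_rate(x1), max_rate(x2)))
```

The ratio does not depend on `c2` as long as both systems share it, and the per-request scheme stops draining its queue above roughly 2.3 requests per second under these figures.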

Thus, while there have been shown and described and pointed out fundamental novel features of the invention as applied to preferred embodiments thereof, it will be understood that various omissions and substitutions and changes in the form and details of the disclosed invention may be made by those skilled in the art without departing from the invention. It is the intention, therefore, to be limited only as indicated by the scope of the claims appended hereto.



Claims 


1. A method of controlling access to electronically-defined information among a plurality of users connected to a network having a server operable for assuring that the electronically-defined information is accessible by only at least a predetermined one of the plural users, each of said plural users having a unique first encryption key known only to said each user and to the server, said method comprising the steps of:

encrypting the electronically-defined information using a second encryption key known only to the server to define encrypted information;

storing the encrypted information in network-associated electronic storage accessible through the network to said plurality of users;

encrypting the second encryption key using the first encryption key of the predetermined user to which access to the electronically-defined information is to be provided so as to define an encrypted second key;

storing the encrypted second key in an electronic storage location accessible by said predetermined user; and

attaining access by the predetermined user to the unencrypted electronically-defined information by:

accessing the stored encrypted second key from a network-connected apparatus of the predetermined user;

decrypting the accessed encrypted second key using the first key of the predetermined user at the apparatus of the predetermined user to recover the second encryption key;

accessing the stored encrypted information from the network-connected apparatus of the predetermined user; and

decrypting the accessed encrypted information using the recovered second encryption key to recover the electronically-defined information for examination of the recovered information by the predetermined user.

2. A method in accordance with claim 1, further comprising the step of generating the second encryption key at the 
server. 

3. A method in accordance with claim 1, further comprising the steps of:

periodically generating a new second encryption key to replace a then-current second encryption key; and

each time that a new second encryption key is generated,

encrypting the new second encryption key using the first encryption key of the predetermined user so as to define a new encrypted second key; and

storing the new encrypted second key in the electronic storage location accessible by the predetermined user to replace the encrypted second key previously stored in the electronic storage location for access by the predetermined user.

4. A method in accordance with claim 3 and further comprising, each time that a new second encryption key is generated, the steps of:

encrypting the electronically-defined information using the new second encryption key to define newly-encrypted information; and

storing the newly-encrypted information in the network-associated electronic storage accessible through the network to said plurality of users to replace the previously-stored encrypted information.

5. A method in accordance with claim 1, wherein said step of storing the encrypted second key comprises storing the encrypted second key in an electronic storage location accessible only by the predetermined user.

6. A method in accordance with claim 1, wherein said step of storing the encrypted information comprises storing the encrypted information in electronic storage associated with the server.

7. A method in accordance with claim 1, wherein said steps of accessing the stored encrypted second key, decrypting the accessed encrypted second key to recover the second encryption key, and decrypting the accessed encrypted information using the recovered second encryption key being carried out by operation of an executable program routine so as to restrict direct access by the predetermined user to the recovered second encryption key and thereby prevent unintended access to the recovered second encryption key by ones of said plural users other than the predetermined user.

8. A method in accordance with claim 1, wherein said steps of accessing the stored encrypted second key, decrypting the accessed encrypted second key to recover the second encryption key, and decrypting the accessed encrypted information using the recovered second encryption key being carried out by operation of an executable program routine at the apparatus of the predetermined user so as to restrict direct access by the predetermined user to the recovered second encryption key and thereby prevent unintended access to the recovered second encryption key by ones of said plural users other than the predetermined user.

9. A method in accordance with claim 1, wherein said step of storing the encrypted second key comprises storing the encrypted second key in an electronic storage location associated with the apparatus of the predetermined user.

10. A method in accordance with claim 1, wherein said step of encrypting the electronically-defined information comprises dividing the information into a multiplicity of information portions and separately encrypting each of the multiplicity of information portions to define encrypted information comprising a multiplicity of separately-encrypted portions each individually accessible by predetermined ones of said plural users.
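The key hierarchy of claims 1, 3 and 4, as an added example that is not code from the patent: one encrypted copy of the information under the server's second key, and that key wrapped once per authorized user under the user's first key. The names `Server`, `publish`, `read`, `seal` and `unseal` are hypothetical, and `seal`/`unseal` is a stand-in cipher built from HMAC-SHA256 so the block runs on the standard library alone.

```python
# Added example of the claimed key hierarchy; not code from the patent.
# seal/unseal is a stand-in cipher (HMAC-SHA256 keystream plus HMAC tag) so the
# block runs on the standard library alone; a deployment would use a vetted AEAD.
import hashlib
import hmac
import secrets

def _stream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal(key, data):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + _tag(key, nonce, ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Server:
    def __init__(self):
        self.first_keys = {}   # user id -> first key, known to that user and the server
        self.mailbox = {}      # user id -> encrypted second key (per-user storage location)
        self.shared = b""      # single encrypted copy, readable by every network user

    def publish(self, information):
        """Claims 1, 3 and 4: fresh second key, one encryption, one wrap per authorized user."""
        second_key = secrets.token_bytes(32)
        self.shared = seal(second_key, information)
        self.mailbox = {u: seal(k, second_key) for u, k in self.first_keys.items()}

def read(server, user, first_key):
    """User side of claim 1: unwrap the second key, then decrypt the shared copy."""
    second_key = unseal(first_key, server.mailbox[user])
    return unseal(second_key, server.shared)
```

Dropping a user from `first_keys` and calling `publish` again leaves that user with only the old second key, which fails authentication against the newly stored copy.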



FIG. 1

FIG. 3

FIG. 4

FIG. 5
FIG. 6

FIRST:

MOV AX, I (FIRST)
MOV DS, AX
MOV SUM, 0
CMP SUM, 100
JNA NOT-DONE
MOV AL, SUM

NOT-DONE:

MOV DS, AX
MOV ES, AX
CMP SUM, 73
MOV SI, AX

//INDIRECTLY JUMP THROUGH INDEXING WITH THE CONTENT OF LOCATION FIRST

//THE VALUE OF THIS LOCATION DETERMINES THE KEY OFFSET

//OFFSET WITH FIRST POINTS HERE. THE KEY STARTS HERE AND MAY GO ON SPANNING SEVERAL 'DUMMY' INSTRUCTIONS

FIG. 7

MOV AX, I (SECOND)
MOV DS, AX
MOV SUM, 0
MOV AL, SUM
CMP SUM, 100
JNA NOT-DONE

NOT-DONE:

SECOND: CMP SUM, 45

MOV DS, AX
MOV ES, AX
CMP SUM, 73
MOV SI, AX

//INDIRECTLY JUMP THROUGH INDEXING WITH THE CONTENT OF LOCATION SECOND

//THE VALUE OF THIS LOCATION DETERMINES THE KEY OFFSET

//OFFSET WITH SECOND POINTS HERE. THE KEY STARTS HERE AND MAY GO ON SPANNING SEVERAL 'DUMMY' INSTRUCTIONS